Q Link Wireless is one of America’s fastest-growing Lifeline service providers. It currently offers low-cost mobile phone and data services to 2 million Americans, and now making sensitive account data available to anyone who knows a valid phone number on the carrier’s network.
The company is a Mobile Virtual Network Operator. Which means it doesn’t operate its own wireless network. Rather it purchases bulk services from other carriers and sells to its customers. It provides government-subsidized cell phones and calls services to low-income individuals through its Lifeline Assistance program.
The company currently partners with Hello Mobile to offer a variety of low-cost service plans. With Hello Mobile App customers can monitor the history of Text and phone calls, Data usage and purchase additional call minutes or data.
Hello Mobile’s My Mobile Account has been showing information such as First Name, Last Name, Home Address, Phone No. and History of phone calls to anyone who knows a customer’s phone number. This data is displayed for every customer account whenever a valid Q Link Wireless phone number is entered. Yes, even without a password or security code.
A Reddit user, who started a thread, confirmed that he had sent an email reporting this incidence. The screenshots below show evidence.
What this means
Data exposure is a critical security issue, and this is not the first time a company is failing in this regard. There are rumours that Q Link Wireless has received a dozen more messages but didn’t respond. This poses a risk to customers and marks the company as incapable of providing such service.
Hello Mobile’s App displays customers’ personal information, but provide no means to change any data. It doesn’t show passwords, meaning, anyone can carry out a SIM swap or block a user’s account.
As it stands, Hello Mobile is neither aware nor have they notified customers about this security issue. People using the service should consider any data displayed by the app to be available to anyone who has their phone number.
